Project 5: Data Loss Prevention
Step 1: Create the Team Project Charter
As described in the scenario, you will be working in a small team (usually five members). Your instructor has provided an area for your group discussions, collaboration, and file sharing. Take some time to learn about your teammates (introductions, LinkedIn profiles and bios) to understand the experience and expertise of the team members.
Studies on teamwork outline the typical team stages of forming, storming, norming, and performing (see Tuckman, Bruce W. (1965), “Developmental sequence in small groups,” Psychological Bulletin, 63, 384-399.) This guidance on teamwork may be helpful.
In order to do well, you and your team members must start communicating or “forming” immediately and discuss how you will divide the work. Review the project and if you have portions of the work that play well to your strengths, make this known to your team members. Then develop a project plan and schedule to get the work done.
Finally, agree on a communications plan, which allows your team members to know where the project stands. During this stage, you may have disagreements or differences of opinion about roles and division of work. This is a normal aspect of “storming.”
Once you start agreeing on roles and tasks, you are well on your way to “norming.” You should settle on a collaboration space and share drafts of your work in your classroom team locker so your team members and the instructor can see the work progression. All team members must contribute, but the deliverables need to be cohesive. Therefore, each of you will need to review each other’s work and help each other during the “performing” phase.
While you may have to use collaborative tools outside the classroom, maintain the key documents in the respective team project locker in the classroom. Your team will use this area to establish ground rules for communication and collaboration. Team members will gain an overview of the entire project, establish roles, agree on the division of work, and complete and sign the Team Project Charter.
If you sense problems during your team communications sessions, discuss risk management and project adjustments your team may need to make. If you sense trouble, contact your instructor and request intervention as soon as you recognize issues.
After the plan is completed, elect one person to attach or link the final document to the team project locker. This step should have been completed early in the term between Weeks 2 and 4.
Setting up the team roles and expectations is an important part of this project, and completing the charter is critical to the project’s success. When you have completed this important step, move to the next step, where you will select the devices and technologies that will be useful for your company.
Step 2: Select Devices and Technologies
By now, you have an idea of your team members and your role on the team project. Now, it’s time to get the details about the devices and technologies needed to be included in the Strategic Technology Plan for Data Loss Prevention.
You should limit the scope of this project by selecting a set of devices and technologies that are most appropriate for data loss prevention for your business mission and future success. Based on your prior knowledge of your company and based on the project roles you agreed upon in the previous step, perform independent research on the following topics and identify a set of devices and technologies that you propose for your company, and your business rationale for selecting them:
- IPv6
- internet of things (IoT)
- data loss prevention that covers:
- data loss prevention
- big data analytics
- big data integrity
- blockchain
- data obfuscation
- data masking
- operational context/context-aware security
- data tokenization
- tamperproofing
- data governance
Your team plan should include significant detail about these technologies, including what kinds of IoT devices will be appropriate for the company’s use. During your research, you should also see if there might be any issues for integration and implementation, which you will consider in greater detail in a later step in the project.
When you’ve finished detailing the proposed devices and technologies, move to the next step, where the team will outline its goals on how the devices and technologies will ensure the company is prepared for future vulnerabilities.
Step 3: Develop Goals and Objectives
You and your team members have outlined the proposed devices and technologies for the data loss prevention plan. Next, focus on the organizational mission and develop a set of goals and objectives to show how your set of chosen devices and technologies will help your company prepare for the future. Include a discussion for deploying, maintaining, and securing these devices and technologies.
This section of the team plan should also include a discussion on the devices and technologies’ impact to the existing company infrastructure and security.
When you’ve completed this section, move to the next step, where you and your team members will conduct a detailed analysis of each device and technology.
Step 4: Prepare a SWOT Analysis Table
You’ve identified the technologies and devices, and listed the goals and objectives for their use in the organization. In this step, you will justify adding these devices and technologies to the network infrastructure.
In order to do this, perform a strengths, weaknesses, opportunities, and threats (SWOT) analysis of each device/technology being introduced into the infrastructure. A SWOT analysis is a framework that allows you to identify internal and external factors that can affect the implementation of new technology. Such a process can be helpful for decision making and strategic planning.
Look at internal and external factors that could influence the successful introduction with respect to the company specific business model and operations. Internal factors are the strengths and weaknesses you found. External factors are the opportunities and threats identified during the SWOT analysis. Determine what these are. Address the following questions in your discussion:
- How do they influence the operation and maintenance of the network?
- What can be done to overcome these factors?
As cybersecurity professionals, you and your team members should stress security-related analysis and create a SWOT chart that includes internal and external factors.
This chart and the overall analysis should be a significant part of the Strategic Technology Plan for Data Loss Prevention.
In the next step, you and your team members will consider any issues that might come up when you integrate and implement the new devices and technologies.
Step 5: Address Integration and Implementation Issues
The team has now completed the SWOT analysis and chart. In this step, consider integration and implementation issues you anticipate when you introduce the new devices and technologies network.
Integration issues are problems that can arise when you try to implement them into the infrastructure. These include incompatibility issues with existing software and databases, operating systems, network routers, or switches and communications protocols.
You will need to address legacy devices in the infrastructure that could cause problems with your implementation. Such devices may have older technologies and can stop working in the new environment or be unable to communicate with these new systems. You may also encounter some infrastructure issues to consider. Include such issues in your discussion.
You may want to revisit some of the early research you conducted earlier in the project when you considered the devices and technologies that would be appropriate for the Strategic Technology Plan for Data Loss Prevention.
Include the integration and implementation section in your team plan. Then, move to the next step, where you and the team members will update a data-flow diagram and consider other devices and systems that you worked on earlier in the course to be used as part of this project.
Step 7: Plan People, Process, and Data Governance Issues
You and your team have completed the lab where you updated the company’s data-flow chart with the various systems. In this step, you will consider some overall issues for implementation. People, process, and data governance are some of the most important aspects of deploying technology. During this step, think about what processes might already be in place and what changes will be required by the introduction of the new devices and technologies. Think of governance, personnel changes, hiring, and training requirements for users and systems administrators. Determine any gaps or shortcomings that will need to be addressed now or in the future. Think of what accommodations are needed to handle the new technology being deployed in the network.
This is an important aspect of the Strategic Technology Plan for Data Loss Prevention. When it’s complete, it’s time for the team members to complete the report.
Step 8: Finalize the Report
Now that the sections of your Cybersecurity Technology Strategic Plan have been addressed and developed, you and your team members must compile, review, edit, and proofread all parts of the plan as a team and determine if there are any other challenges to address. Consider the following:
- Have you missed discussing some key impact to the organization and its network infrastructure?
- In the future, what will the organization need to do to meet its goals and objectives?
- How will your organization ensure continuous improvement?
- Are there any roadblocks?
- How can they be overcome?
Your plan should be about 12 to 15 double-spaced pages, submitted as a Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list in your plan.
Provide a one-page executive summary at the beginning of the paper.
In the next step, you and your team members will work on the team presentation.
Step 9: Develop the Team Presentation
In the previous step, your team completed the plan and executive summary. Now, you will prepare to present your plan to the executive team in an engaging and professional manner.
To do this, compose an asynchronous presentation using a set of about five to 10 PowerPoint slides. Your presentation should be a high-level executive overview that reflects the key elements of your team plan. Carve out the presentation so each team member has an opportunity to present for about five or six minutes.
When this step is complete, move along to the final step, where you will submit all the components of your project assignment.